CN112202875A - Method and device for safety detection based on block link point weight and related product - Google Patents
Method and device for safety detection based on block link point weight and related product Download PDFInfo
- Publication number
- CN112202875A CN112202875A CN202011044005.6A CN202011044005A CN112202875A CN 112202875 A CN112202875 A CN 112202875A CN 202011044005 A CN202011044005 A CN 202011044005A CN 112202875 A CN112202875 A CN 112202875A
- Authority
- CN
- China
- Prior art keywords
- block chain
- weight
- block
- chain node
- historical
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 50
- 238000000034 method Methods 0.000 title claims abstract description 38
- 230000007246 mechanism Effects 0.000 claims description 29
- 238000004891 communication Methods 0.000 claims description 20
- 238000005259 measurement Methods 0.000 claims description 19
- 238000012544 monitoring process Methods 0.000 claims description 18
- 230000003068 static effect Effects 0.000 claims description 12
- 238000009499 grossing Methods 0.000 claims description 11
- 230000008859 change Effects 0.000 abstract description 12
- 230000002159 abnormal effect Effects 0.000 abstract description 8
- 238000012360 testing method Methods 0.000 description 20
- 238000012545 processing Methods 0.000 description 9
- 238000004364 calculation method Methods 0.000 description 7
- 238000010586 diagram Methods 0.000 description 6
- 230000005856 abnormality Effects 0.000 description 4
- 238000012795 verification Methods 0.000 description 4
- 230000006870 function Effects 0.000 description 3
- 238000007726 management method Methods 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 2
- 238000010295 mobile communication Methods 0.000 description 2
- 230000001360 synchronised effect Effects 0.000 description 2
- 241001391944 Commicarpus scandens Species 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 230000003203 everyday effect Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/104—Peer-to-peer [P2P] networks
- H04L67/1042—Peer-to-peer [P2P] networks using topology management mechanisms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/104—Peer-to-peer [P2P] networks
- H04L67/1061—Peer-to-peer [P2P] networks using node-based peer discovery mechanisms
- H04L67/1065—Discovery involving distributed pre-established resource-based relationships among peers, e.g. based on distributed hash tables [DHT]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/104—Peer-to-peer [P2P] networks
- H04L67/1087—Peer-to-peer [P2P] networks using cross-functional networking aspects
- H04L67/1089—Hierarchical topologies
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Business, Economics & Management (AREA)
- General Business, Economics & Management (AREA)
- Alarm Systems (AREA)
Abstract
The application discloses a method, a device and a related product for safety detection based on block chain node weight, wherein the method comprises the following steps: determining historical weights within a preset time period corresponding to the block link points respectively and current weights corresponding to the block link points respectively; comparing the historical weight and the current weight of each block chain node within a preset time period, and determining the weight difference of each block chain node; and if the weight difference value of any block chain node exceeds a preset difference threshold value, performing security detection on the big data trust system. According to the scheme provided by the implementation, when the weight change of the block chain nodes exceeds the preset difference threshold value, the big data trust system is determined to be abnormal, so that the safety detection is carried out on the big data trust system, and the safety of the big data trust system is ensured.
Description
Technical Field
The present application relates to the field of block chain technologies, and in particular, to a method and an apparatus for performing security detection based on weights of block chain nodes, and a related product.
Background
The block chain-based big data trust system is essentially an integrated application mode of technologies such as a distributed data storage system, point-to-point transmission, a consensus mechanism, an encryption algorithm and the like, and can realize trust and value transfer which cannot be realized by the traditional internet on the internet. It is based on cryptographic principles rather than credit features, enabling any agreed party to trade directly without the involvement of third party intermediaries. On the other hand, there is almost no single point of failure in the blockchain, and the data on the chain is stored on numerous machine nodes around the world, so that the data is "stable", "trusted", and "non-tamperproof", which gives the data on the network a value that can be trusted.
However, most of the existing big data trust systems perform security detection on the block chain thereof by manpower every day or every week, but as more and more applications are built on the block chain, the existing manual security detection scheme has low efficiency and cannot be applied to the detection requirements of the existing big data trust systems.
Therefore, how to provide another security detection scheme suitable for the big data trust system becomes a technical problem to be solved urgently.
Disclosure of Invention
Based on the above problems, embodiments of the present application provide a method, an apparatus, and a related product for performing security detection based on a weight of a blockchain node, so as to solve or alleviate the above problems.
The embodiment of the application discloses the following technical scheme:
1. a method for performing security detection based on block link point weight, comprising:
determining historical weights within a preset time period corresponding to the block link points respectively and current weights corresponding to the block link points respectively;
comparing the historical weight and the current weight of each block chain node within a preset time period, and determining the weight difference of each block chain node;
and if the weight difference value of any block chain node exceeds a preset difference threshold value, performing security detection on the big data trust system.
2. The method according to claim 1, wherein if the difference between the historical weight and the current weight within the preset time period is greater than a set difference threshold, performing security detection on the block link point in the big data trust system comprises: and if the difference between the historical weight and the current weight in the preset time period is greater than the set difference threshold, carrying out safety monitoring on the block link points with the weight difference value exceeding the preset difference threshold.
3. The method of claim 1, wherein the safety monitoring of the block link points whose weight difference values exceed a preset difference threshold comprises: and carrying out safety monitoring on the block chain nodes according to the historical data of the block chain nodes to be detected or the historical communication data of the block chain nodes to be detected and other block chain nodes.
4. The method of claim 1, further comprising: updating the sorted list corresponding to the plurality of block chain nodes at least according to the credible value of each block chain node; and updating the weight of each block chain node according to the digit of each block chain node in the updated ordered list.
5. The method of claim 4, wherein updating the ordered list corresponding to the plurality of block chain node points according to at least the confidence value of each block chain node comprises: and updating the sorted list corresponding to the plurality of block chain link points according to the credible values of the block chain link points and historical operation data corresponding to the block chain link points.
6. The method according to any of claims 4-5, wherein the confidence value of the blockchain node is calculated by: calculating the credibility values of a plurality of block chain nodes based on a set static measurement credibility mechanism; or, calculating the credibility values of the plurality of block chain nodes based on the set dynamic measurement credibility mechanism.
7. The method of claim 6, wherein the comparing the historical weight and the current weight of each blockchain node within a preset time period determines a weight difference of each blockchain node, and further comprising: and smoothing the current weights corresponding to the plurality of block chain link points respectively to determine the node of the block from the plurality of block chain nodes.
8. A big data trust system, comprising: each block chain node is provided with a weight module, and the weight module is used for determining historical weights within a preset time period corresponding to the block chain link points and current weights corresponding to the block chain link points; comparing the historical weight and the current weight of each block chain node within a preset time period, and determining the weight difference of each block chain node; and the detection module is used for carrying out safety detection on the big data trust system if the weight difference value of any block chain node exceeds a preset difference threshold value.
9. The system of claim 8, wherein the detection module is configured to perform safety monitoring on the block link points whose weight difference values exceed a preset difference threshold.
10. The system according to claim 8, wherein the detection module is configured to perform security monitoring on the block chain node according to historical data of the block chain node to be detected itself or historical communication data of the block chain node to be detected and other block chain nodes.
11. The system of claim 8, wherein the weighting module is configured to update the ordered list corresponding to the plurality of block link nodes according to at least the confidence value of each block link node; and updating the weight of each block chain node according to the digit of each block chain node in the updated ordered list.
12. The system according to claim 11, wherein each of the block chain nodes is provided with a trusted computing module, configured to update the ordered list corresponding to a plurality of block chain node points according to the trusted value of the block chain node and historical operation data corresponding to the block chain node points.
13. The system according to any one of claims 11-12, wherein the trusted computing module is configured to compute a trusted value of the plurality of blockchain nodes based on a set static metric trust mechanism; or, calculating the credibility values of the plurality of block chain nodes based on the set dynamic measurement credibility mechanism.
14. The system according to claim 13, further comprising a smoothing module at each of said blockchain nodes: the method is used for smoothing the current weights respectively corresponding to the plurality of block chain nodes so as to determine the node of the block from the plurality of block chain nodes.
15. An electronic device, comprising: a memory having computer-executable instructions stored thereon and a processor for executing the computer-executable instructions to perform the steps of:
determining historical weights within a preset time period corresponding to the block link points respectively and current weights corresponding to the block link points respectively;
comparing the historical weight and the current weight of each block chain node within a preset time period, and determining the weight difference of each block chain node;
and if the weight difference value of any block chain node exceeds a preset difference threshold value, performing security detection on the big data trust system.
16. The electronic device of claim 15, wherein if the difference between the historical weight and the current weight within the preset time period is greater than a set difference threshold, the processor is configured to, when performing security detection on the block link point in the big data trust system: and if the difference between the historical weight and the current weight in the preset time period is greater than the set difference threshold, carrying out safety monitoring on the block link points with the weight difference value exceeding the preset difference threshold.
17. The electronic device of claim 15, wherein the processor is configured to, during the safety monitoring of the block link points whose weight difference values exceed the preset difference threshold: and carrying out safety monitoring on the block chain nodes according to the historical data of the block chain nodes to be detected or the historical communication data of the block chain nodes to be detected and other block chain nodes.
18. The electronic device of claim 15, wherein the processor is further configured to: updating the sorted list corresponding to the plurality of block chain nodes at least according to the credible value of each block chain node; and updating the weight of each block chain node according to the digit of each block chain node in the updated ordered list.
19. The electronic device of claim 18, wherein when updating the ordered list corresponding to the plurality of block chain link nodes according to at least the confidence value of each block chain node, the processor is configured to: and updating the sorted list corresponding to the plurality of block chain link points according to the credible values of the block chain link points and historical operation data corresponding to the block chain link points.
20. The electronic device of any of claims 18-19, wherein the processor is further configured to: calculating the credibility values of a plurality of block chain nodes based on a set static measurement credibility mechanism; or, calculating the credibility values of the plurality of block chain nodes based on the set dynamic measurement credibility mechanism.
21. The electronic device of claim 20, wherein the processor is further configured to: and smoothing the current weights corresponding to the plurality of block chain link points respectively to determine the node of the block from the plurality of block chain nodes.
22. A computer storage medium having computer-executable instructions stored thereon that, when executed, perform the steps of:
determining historical weights within a preset time period corresponding to the block link points respectively and current weights corresponding to the block link points respectively;
comparing the historical weight and the current weight of each block chain node within a preset time period, and determining the weight difference of each block chain node;
and if the weight difference value of any block chain node exceeds a preset difference threshold value, performing security detection on the big data trust system.
In the technical scheme of the embodiment of the application, historical weights within a preset time period corresponding to a plurality of block link points respectively and current weights corresponding to the plurality of block link points respectively are determined; comparing the historical weight and the current weight of each block chain node within a preset time period, and determining the weight difference of each block chain node; and if the weight difference value of any block chain node exceeds a preset difference threshold value, performing security detection on the big data trust system. Therefore, when the weight change of the block chain nodes exceeds a preset difference threshold value, the fact that the big data trust system is abnormal is determined, and therefore safety detection is conducted on the big data trust system, and safety of the big data trust system is guaranteed.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without inventive exercise.
FIG. 1 is a schematic structural diagram of a big data trust system in an embodiment of the present application;
fig. 2 is a schematic flowchart of a method for performing security detection based on weights of blockchain nodes in an embodiment of the present application;
FIG. 3 is a schematic flow chart illustrating another method for security detection based on block link point weights in an embodiment of the present application;
FIG. 4 is a schematic flow chart illustrating the calculation of a trust value based on a static metric trust mechanism according to an embodiment of the present application;
FIG. 5 is a schematic flow chart illustrating the calculation of a trust value based on a dynamic metric trust mechanism according to an embodiment of the present application;
FIG. 6 is a schematic structural diagram of an electronic device in an embodiment of the present application;
fig. 7 is a schematic diagram of a hardware structure of an electronic device in an embodiment of the present application.
Detailed Description
It is not necessary for any particular embodiment of the invention to achieve all of the above advantages at the same time.
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
FIG. 1 is a schematic structural diagram of a big data trust system in an embodiment of the present application; as shown in fig. 1, the big data trust system includes several blockchain nodes, which may be regarded as consensus nodes or common nodes, where the consensus nodes may be regarded as alternatives of the block-out nodes, and the common nodes may be used for synchronizing data but not for block-out.
In this embodiment, a large amount of data is stored in the big data trust system, and the data may be determined according to the requirements of an application scenario. For example, for a bank, the data may be associated with financial data, user data, etc. of the bank's operation.
In this embodiment, the block link point may be a computer or a server connected via the internet or any electronic terminal.
In the embodiment, a trust mechanism is established among all the block chain nodes in the big data trust system through the trust relationship among the nodes, so that the safety of the data stored in the big data trust system is ensured.
In the big data trust system, each block chain link point can realize high autonomy, the block chain link points can be freely connected, and the whole big data trust system is jointly maintained through communication among a plurality of block chain nodes and the like, so that decentralization is realized.
However, in a general big data trust system, the security of the big data trust system is mostly ensured through the encrypted communication of the trusted computing module and the blockchain node.
However, the main components in big data trust systems include: encryption algorithms, consensus algorithms, rights management, intelligent contracts, and data block management. The encryption algorithm is not easy to break, so that the security is high, and compared with the encryption algorithm, the security of the components such as the consensus algorithm, the authority management, the intelligent contract and the like is low.
Therefore, in the embodiment of the present application, the big data trust system includes: each block chain node is provided with a weight module, and the weight module is used for determining historical weights within a preset time period corresponding to the block chain link points and current weights corresponding to the block chain link points; comparing the historical weight and the current weight of each block chain node within a preset time period, and determining the weight difference of each block chain node; and the detection module is used for carrying out safety detection on the big data trust system if the weight difference value of any block chain node exceeds a preset difference threshold value.
Therefore, when the weight change of the block chain nodes exceeds a preset difference threshold value, the fact that the big data trust system is abnormal is determined, and therefore safety detection is conducted on the big data trust system, and safety of the big data trust system is guaranteed.
Optionally, in any embodiment of the present application, the detection module is configured to perform safety monitoring on a block link point of which a weight difference value exceeds a preset difference threshold.
Optionally, in any embodiment of the present application, the detection module is configured to perform security monitoring on the block chain node according to historical data of the block chain node to be detected, or according to historical communication data of the block chain node to be detected and other block chain nodes.
Optionally, in any embodiment of the present application, the weighting module is configured to update the sorted list corresponding to the plurality of block link nodes according to at least the confidence value of each block link node; and updating the weight of each block chain node according to the digit of each block chain node in the updated ordered list.
Optionally, in any embodiment of the present application, a trusted computing module is disposed on each block chain node, and is configured to update the sorted list corresponding to the plurality of block chain link points according to the trusted value of the block chain node and historical operation data corresponding to the block chain link points.
Optionally, in any embodiment of the present application, the trusted computing module is configured to compute trusted values of the plurality of block chain nodes based on a set static metric trusted mechanism; or, calculating the credibility values of the plurality of block chain nodes based on the set dynamic measurement credibility mechanism.
Fig. 2 is a schematic flowchart of a method for performing security detection based on weights of block link points in an embodiment of the present application; as shown in fig. 2, it includes:
s201, determining historical weights within a preset time period corresponding to the block link points respectively and current weights corresponding to the block link points respectively.
In this embodiment, the determined historical weight may be one or more, which is not limited in this embodiment.
Referring to fig. 1 specifically, in this embodiment, the big data trust system includes a plurality of block chain nodes, and for each block chain node, the historical weight and the current weight of the block chain node may be determined.
In addition, a plurality of nodes included in the big data trust system can be divided into consensus nodes and common nodes, the consensus nodes can achieve consensus through a consensus algorithm based on corresponding weights, and therefore block nodes are determined, and the common nodes can be used for synchronizing data and cannot be used for achieving consensus.
The scheme provided by the embodiment can be directed to the consensus node.
S202, comparing the historical weight and the current weight of each block chain node within a preset time period, and determining the weight difference of each block chain node.
In this embodiment, during the comparison, the historical weight and the current weight within the preset time period may be substituted into a preset formula for calculation, so as to obtain a weight difference.
When a history weight is determined, the difference between the history weight and the current weight can be directly calculated; when a plurality of history weights are included, a difference value between an average value of the plurality of history weights and a current weight may be calculated; alternatively, when a plurality of history weights are included, the plurality of history weights and the variance of the current weight may be calculated as a weight difference value.
In this embodiment, when the weight of the block chain node is determined according to the sorted list, if the sorted list is updated, the weight is updated correspondingly, the updated weight is the current weight, and the weight before updating may be the historical weight within the preset time period.
For example, in this embodiment, the historical weight within the preset time period may be a part or all of the historical weight within one hour of the history, and this embodiment does not limit this.
S203, if the weight difference value of any block chain node exceeds a preset difference threshold value, carrying out security detection on the big data trust system.
In this embodiment, if the weight difference exceeds the preset difference threshold, it is determined that there may be an abnormality in the blockchain and the system, for example, there may be a possibility that some blockchain nodes may be malicious. Therefore, in this embodiment, the security detection of the big data trust system can be performed, in particular, for the blockchain nodes with the weight difference value exceeding the preset difference threshold and other blockchain nodes communicated with the blockchain nodes.
Specifically, in this embodiment, step S203 may include: and if the difference between the historical weight and the current weight in the preset time period is greater than the set difference threshold, carrying out safety monitoring on the block link points with the weight difference value exceeding the preset difference threshold.
Specifically, in this embodiment, step S203 may include: the safety monitoring of the block link points with the weight difference value exceeding the preset difference threshold value comprises the following steps: and carrying out safety monitoring on the block chain nodes according to the historical data of the block chain nodes to be detected or the historical communication data of the block chain nodes to be detected and other block chain nodes.
Performing safety detection according to the historical data of the block link point to be detected, specifically verifying the log of the block link point to be detected, calculating the use condition of resources and the like; the safety detection is carried out according to the historical communication data of the block chain link point to be detected and other block chain nodes, and specifically, whether encryption or decryption abnormality exists or not when the communication between the block chain link point and other block chain link points is verified.
Specifically, in this embodiment, step S203 may further include: generating a test sequence consisting of a plurality of random positive test samples according to a preset positive sample set; sequentially inputting a plurality of random positive test samples into the block chain link points to be detected according to the sequence order, and obtaining data change information corresponding to each random positive test sample; and determining whether the block chain node has an abnormality according to the plurality of data change information.
In this embodiment, the random positive test sample may be a completely random positive sample or a semi-random positive sample. The random positive test sample is data meeting the requirement of the interface of the block chain node to be tested on the data format.
Specifically, when the random positive test sample may be a completely random positive sample, the random positive test samples used to form the test sequence are determined by the following steps: random numbers can be generated for multiple times, and according to the random numbers generated each time, samples with sample sizes matched with the random numbers are selected from a preset positive sample set to be positive test samples until the determined positive test samples form the test sequence.
In another embodiment of the present application, when the random positive test sample may be a semi-random positive sample, the random positive test samples used to form the test sequence are determined by the following steps: dividing each positive sample in the positive sample set into a plurality of discrete sets S1; taking i set elements a from the discrete set; randomly modifying the character structure of the i set elements a, and putting the modified and constructed set elements back to the discrete set to obtain a discrete set S2; j set elements b are selected from the discrete set S2; and randomly arranging and combining the j discrete elements b to generate the test sequence.
The determination of semi-random positive samples requires less time than a completely random positive sample.
And when determining whether the block chain node is abnormal according to the data change information, if the normal test sample is input to the block chain node, determining that block overtime occurs to the block chain node according to the data change information and a generated data block verification error occurs, or determining that the block chain node is abnormal according to the data change information and the change of the block chain node determined according to the data change information is inconsistent with a preset change process corresponding to the test sequence.
In the embodiment, by constructing the test sequence and inputting the test sequence into the block chain link points to be tested, various possible abnormalities of the block chain link points can be comprehensively and safely detected, and the safety of the big data trust system is further ensured.
Optionally, in this embodiment, before step S202, the method further includes:
and smoothing the current weights corresponding to the plurality of block chain link points respectively to determine the node of the block from the plurality of block chain nodes.
And when the smoothing processing is carried out, if the difference value between the plurality of current weights is greater than the preset difference value, reducing each current weight until the difference value between the plurality of current weights is less than the preset difference value, thereby finishing the smoothing processing.
In this embodiment, by performing smoothing processing on the current weight, it can be ensured that the weight corresponding to the block link node determined as the next block output node is smaller than the weight difference value of the block link node determined as the last block output node, and it is ensured that the last block output node is different from the current block output node, so that even if the weight of some block link nodes is larger, blocks cannot be continuously output, and the situation that the block link node with the smaller weight has no block output opportunity is also avoided.
In the technical scheme of the embodiment of the application, historical weights within a preset time period corresponding to a plurality of block link points respectively and current weights corresponding to the plurality of block link points respectively are determined; comparing the historical weight and the current weight of each block chain node within a preset time period, and determining the weight difference of each block chain node; and if the weight difference value of any block chain node exceeds a preset difference threshold value, performing security detection on the big data trust system. Therefore, when the weight change of the block chain nodes exceeds a preset difference threshold value, the fact that the big data trust system is abnormal is determined, and therefore safety detection is conducted on the big data trust system, and safety of the big data trust system is guaranteed.
FIG. 3 is a schematic flow chart illustrating another method for security detection based on block link point weights in an embodiment of the present application; as shown in fig. 3, before step S201, the method further comprises:
and S204, updating the sorted list corresponding to the block chain link points at least according to the credible value of each block chain link node.
In this embodiment, in addition to the confidence value, the sorted list corresponding to the block link node may be updated according to the block exit history of the block link node, and the like. This embodiment does not limit this.
In this step, the sequence of the block chain nodes with a large number of output blocks is shifted backward.
Specifically, a time window corresponding to a historical time period may be set, where the time window includes all block exiting operations of the block chain system in the time period; calculating a block outlet parameter corresponding to each block outlet operation, wherein the block outlet parameter is used for representing the influence degree of the block outlet operation on the ranking of the block chain nodes in the sorted list, and the block outlet parameter is increased progressively according to the sequence of a time window from front to back; counting the block-out parameters by taking the block link points as units to obtain the block-out statistical parameters corresponding to each block link point; and moving the block chain node with higher block-out statistical parameter backward in the ranking of the sorted list.
In this embodiment, the block output parameters are increased in the order from front to back in the time window, so that the influence of the block output operation closer to the next time in the time window on the block output statistical parameters is larger, thereby reducing the situation that two adjacent data blocks are generated by the same block link point.
Specifically, when calculating the block output parameter of each block output operation, the block output score corresponding to the block operation may be calculated according to information of the block output operation, such as block output completion time, block output size, voting condition, and the like; and multiplying the block score by the attenuation factor to obtain a block parameter, wherein the time window is divided into a plurality of time segments, each time segment corresponds to one attenuation factor, and the attenuation factors corresponding to the time segments are increased progressively according to the sequence of the time window from front to back.
The plurality of time slices may be the same, for example, all of 1 hour, or different, and this embodiment does not limit this.
In addition, in this embodiment, the blockchain nodes with sufficient computing resources or low network delay may be moved forward in the rank in the sorted list.
And S205, updating the weight of each block chain node according to the bit number of each block chain node in the updated ordered list.
In this embodiment, step S204 includes: and updating the sorted list corresponding to the plurality of block chain link points according to the credible values of the block chain link points and historical operation data corresponding to the block chain link points.
Optionally, in this embodiment, the trusted values of the several block chain nodes may be calculated based on a set static metric trusted mechanism; alternatively, the credibility values of several blockchain nodes can be calculated based on a set dynamic metric credibility mechanism.
It should be noted that, the above steps S204 and 205 may also be executed after the above steps S201 to S203, or executed in parallel with the steps S201 to S203, which is not limited in this embodiment.
By the scheme provided by the embodiment, the sorted list of the block chain nodes is determined based on the credibility value, the weights of the block chain nodes are further determined according to the sorted list, and whether the safety detection is carried out or not is judged according to the weight difference value subsequently, so that the safety system of the big data trust system can be further improved.
FIG. 4 is a schematic flow chart illustrating the calculation of a trust value based on a static metric trust mechanism according to an embodiment of the present application; as shown in fig. 4, the core of calculating the trust values of several blockchain nodes based on the set static metric trust mechanism includes: after the block chain node is powered on and started and before an operating system of the block chain node is started, carrying out hash operation on the integrity data of the operating system to obtain a hash digest value, and calculating the credibility measurement of the block chain node according to the hash digest value. Specifically, the calculation of the trust value based on the static metric trust mechanism comprises the following steps:
S212A, configuring a credibility measurement module as a credibility root on the block chain node, and carrying out credibility measurement on the credibility measurement to obtain a first hash digest value;
S222A, if the trusted root measurement knows that the trusted root is trusted, performing trusted measurement on the BIOS to obtain a second hash digest value;
S232A, if the BIOS credibility is known through the credibility following measurement, carrying out credibility measurement on the OS loader to obtain a third hash digest value;
S242A, if the BIOS is known to be trusted through the trusted following measurement, the OS is trusted to be measured to obtain a fourth hash abstract value;
and S252A, if the OS is trusted by the trust tracking metric, calculating the trust metric of the blockchain node according to the first hash digest value, the second hash digest value, the third hash digest value, and the fourth hash digest value.
Specifically, in the process of obtaining each hash digest value by performing the confidence measurement, the running process of the used code is monitored, and it is determined whether the jump relationship and the like of the function therein are executed according to a predetermined jump relationship.
Further, the hash operation can be performed on the used code to obtain a hash digest value, and then the hash digest value is compared with the hash digest value obtained by the hash operation performed when the code is executed according to the predetermined jump relation, and if the hash digest values are completely the same or the difference is within the acceptable range, a credible conclusion is generated.
In this embodiment, the steps S212A-242A are executed in the kernel mode of the operating system, so as to ensure the security of the step processing procedure.
Alternatively, in other embodiments, a trusted information collection proxy service module, such as a virtual machine monitor, may also be configured to collect running information of the BIOS, the OS Loader, and the OS, respectively, calculate hash digest values corresponding to the BIOS, the OS Loader, and the OS, and calculate the trust metric of the blockchain node according to the hash digest values corresponding to the BIOS, the OS Loader, and the OS, respectively.
FIG. 5 is a schematic flow chart illustrating the calculation of a trust value based on a dynamic metric trust mechanism according to an embodiment of the present application; as shown in fig. 5, the core of calculating the trust values of several blockchain nodes based on the set static metric trust mechanism includes: after the block chain node is powered on and started and before an operating system of the block chain node is started, carrying out hash operation on the integrity data of the operating system to obtain a hash digest value of the operating system; carrying out hash operation on the integrity data of the application program on the block link points to obtain an application program hash digest value; and calculating the credibility measure of the blockchain node according to the hash digest value of the operating system and the hash digest value of the application program. The method for obtaining the hash digest value of the application program by performing hash operation on the integrity data of the application program on the link point of the block specifically comprises the following steps:
S212B, extracting the core file of the application program and the standard integrity data of the core file, and calculating the standard hash digest value of the application program corresponding to the integrity data;
s222, determining a starting execution event of the application program through the constructed trusted execution environment 222B;
S232B, under the trigger of the starting execution event, extracting the real-time integrity data of the application program;
S242B, carrying out hash operation on the real-time integrity data, and calculating a real-time hash digest value of an application program;
and S252B, determining the hash digest value of the application program according to the standard hash digest value of the application program and the real-time hash digest value of the application program.
In this embodiment, the integrity data includes an executable file and a dynamic library file. In this embodiment, a hash operation is performed on integrity data of an executable file to obtain a real-time hash digest value, the real-time hash digest value is compared with a standard hash digest value corresponding to the integrity data of the executable file during normal operation, if the real-time hash digest value is consistent with the standard hash digest value, the control right of the trusted judgment is transmitted to a dynamic library file, the hash operation is performed on the integrity data of the dynamic library file to obtain a real-time hash digest value, the real-time hash digest value is compared with the standard hash digest value corresponding to the integrity data of the dynamic library file during normal operation, and if the real-time hash digest value is consistent with the standard hash digest value, the real-time hash digest value corresponding to the executable file, and the real-time hash digest value and the standard hash digest value corresponding to the dynamic library file, an application hash.
In the above embodiment, all the block chain nodes may be managed in a fragmented manner within the big data trust system, specifically, the block chain link points that successfully go out of the block in history are determined, the physical addresses of the block chain link points are recorded in an address table, the address table is dynamically updated according to the real-time situation of the block, and since the states of the block connection points that successfully go out of the block in history are the latest and synchronous, when the state synchronization is performed on the block chain link points corresponding to at least part of the trusted values in the trusted value sequence according to a set state synchronization mechanism, if the block chain link points corresponding to at least part of the trusted values in the trusted value sequence are the block chain link points that successfully go out of the block in history, the states of other block chain nodes in the block chain nodes corresponding to at least part of the trusted values in the trusted value sequence are synchronized with reference to the block chain link points that successfully go out of the block in history, thereby achieving fast and accurate state synchronization.
Optionally, in another embodiment, after the verifying that the trusted values of all the block chain nodes pass the vote pass are sorted to obtain the trusted value sequence, according to a set state synchronization mechanism, performing state synchronization on the block chain nodes corresponding to at least part of the trusted values in the trusted value sequence, where the method includes: and determining the state of the block chain node corresponding to at least part of the credible values in the credible value sequence according to a set state judgment mechanism.
Optionally, the set state judgment mechanism includes: and judging whether the outlet block of each block chain node can be verified by other block chain nodes or not according to the historical outlet block data, or judging whether each block chain node can verify the outlet block of other block chain nodes or not. If the verification cannot be carried out or is verified, the block chain node is actually an abnormal node, and therefore the abnormal node can be recovered to be normal through a state synchronization processing mode.
Specifically, in the big data trust system, a state channel is established between the block link points, and the state channel may be implemented by an intelligent contract, so that the state of the block link node corresponding to at least part of the trusted values in the sequence of trusted values may be determined by a direct intelligent contract.
Further, in order to ensure the security of communication, the state transmitted through the state channel is encrypted by a private key, and the received block link point can be obtained only by decrypting the received block link point by using a public key.
Or, a state machine is arranged on each block chain node, the state machine records the state of the block chain link point, and synchronizes to other block chain nodes in the big data trust system in a broadcasting mode, the other block chain link points verify and vote the state of the block chain link points, and if the verification is passed and the proportion of the vote passed reaches the set proportion, the state is considered to be true and credible and is the actual state of the block chain.
Alternatively, the set state determination mechanism includes: and judging whether the block verification mechanism locally configured by the block link node is tampered.
FIG. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application; as shown in fig. 6, the electronic device serves as a block link node, and the electronic device includes a weighting module, where the weighting module is configured to determine historical weights within a preset time period corresponding to a plurality of block link points, respectively, and current weights corresponding to the plurality of block link points, respectively; comparing the historical weight and the current weight of each block chain node within a preset time period, and determining the weight difference of each block chain node; and the detection module is used for carrying out safety detection on the big data trust system if the weight difference value of any block chain node exceeds a preset difference threshold value.
Optionally, in an embodiment, the detection module is configured to perform safety monitoring on the block link points whose weight difference values exceed a preset difference threshold.
Optionally, in an embodiment, the detection module is configured to perform security monitoring on the block chain node according to historical data of the block chain node to be detected itself, or according to historical communication data of the block chain node to be detected and other block chain nodes.
Optionally, in an embodiment, the weighting module is configured to update the ordered list corresponding to the plurality of block chain link points according to at least a trusted value of each block chain node; and updating the weight of each block chain node according to the digit of each block chain node in the updated ordered list.
Optionally, in an embodiment, a trusted computing module is disposed on each block chain node, and configured to update an ordered list corresponding to a plurality of block chain link points according to the trusted values of the block chain nodes and historical operation data corresponding to the block chain link points.
Optionally, in an embodiment, the trusted computing module is configured to compute a trusted value of the several block chain nodes based on a set static metric trusted mechanism; or, calculating the credibility values of the plurality of block chain nodes based on the set dynamic measurement credibility mechanism.
Optionally, in an embodiment, each of the blockchain nodes further includes a smoothing module: the method is used for smoothing the current weights respectively corresponding to the plurality of block chain nodes so as to determine the node of the block from the plurality of block chain nodes.
FIG. 7 is a diagram of a hardware structure of an electronic device according to an embodiment of the present application; as shown in fig. 7, the hardware structure of the electronic device may include: a processor 701, a communication interface 702, a computer-readable medium 703 and a communication bus 704;
the processor 701, the communication interface 702, and the computer-readable medium 703 are configured to perform communication with each other through a communication bus 704;
optionally, the communication interface 702 may be an interface of a communication module, such as an interface of a GSM module;
the processor 701 may be specifically configured to run the executable program stored in the memory, so as to perform all or part of the processing steps of any of the above method embodiments.
The Processor 701 may be a general-purpose Processor, and includes a Central Processing Unit (CPU), a Network Processor (NP), and the like; but may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components. The various methods, steps, and logic blocks disclosed in the embodiments of the present application may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The electronic device of the embodiments of the present application exists in various forms, including but not limited to:
(1) mobile communication devices, which are characterized by mobile communication capabilities and are primarily targeted at providing voice and data communications. Such terminals include smart phones (e.g., iphones), multimedia phones, functional phones, and low-end phones, among others.
(2) The ultra-mobile personal computer equipment belongs to the category of personal computers, has calculation and processing functions and generally has the characteristic of mobile internet access. Such terminals include PDA, MID, and UMPC devices, such as ipads.
(3) Portable entertainment devices such devices may display and play multimedia content. Such devices include audio and video players (e.g., ipods), handheld game consoles, electronic books, as well as smart toys and portable car navigation devices.
(4) The server is similar to a general computer architecture, but has higher requirements on processing capability, stability, reliability, safety, expandability, manageability and the like because of the need of providing highly reliable services.
(5) And other electronic devices with data interaction functions.
It should be noted that, in the present specification, all the embodiments are described in a progressive manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the apparatus and system embodiments, since they are substantially similar to the method embodiments, they are described in a relatively simple manner, and reference may be made to some of the descriptions of the method embodiments for related points. The above-described embodiments of the apparatus and system are merely illustrative, and the modules illustrated as separate components may or may not be physically separate, and the components suggested as modules may or may not be physical modules, may be located in one place, or may be distributed on a plurality of network modules. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
The above description is only one specific embodiment of the present application, but the scope of the present application is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present application should be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (10)
1. A method for performing security detection based on block link point weight, comprising:
determining historical weights within a preset time period corresponding to the block link points respectively and current weights corresponding to the block link points respectively;
comparing the historical weight and the current weight of each block chain node within a preset time period, and determining the weight difference of each block chain node;
and if the weight difference value of any block chain node exceeds a preset difference threshold value, performing security detection on the big data trust system.
2. The method according to claim 1, wherein if the difference between the historical weight and the current weight within the preset time period is greater than a set difference threshold, performing security detection on the block link point in the big data trust system comprises: and if the difference between the historical weight and the current weight in the preset time period is greater than the set difference threshold, carrying out safety monitoring on the block link points with the weight difference value exceeding the preset difference threshold.
3. The method of claim 1, wherein the safety monitoring of the block link points whose weight difference values exceed a preset difference threshold comprises: and carrying out safety monitoring on the block chain nodes according to the historical data of the block chain nodes to be detected or the historical communication data of the block chain nodes to be detected and other block chain nodes.
4. The method of claim 1, further comprising: updating the sorted list corresponding to the plurality of block chain nodes at least according to the credible value of each block chain node; and updating the weight of each block chain node according to the digit of each block chain node in the updated ordered list.
5. The method of claim 4, wherein updating the ordered list corresponding to the plurality of block chain node points according to at least the confidence value of each block chain node comprises: and updating the sorted list corresponding to the plurality of block chain link points according to the credible values of the block chain link points and historical operation data corresponding to the block chain link points.
6. The method according to any of claims 4-5, wherein the confidence value of the blockchain node is calculated by: calculating the credibility values of a plurality of block chain nodes based on a set static measurement credibility mechanism; or, calculating the credibility values of the plurality of block chain nodes based on the set dynamic measurement credibility mechanism.
7. The method of claim 6, wherein the comparing the historical weight and the current weight of each blockchain node within a preset time period determines a weight difference of each blockchain node, and further comprising: and smoothing the current weights corresponding to the plurality of block chain link points respectively to determine the node of the block from the plurality of block chain nodes.
8. A big data trust system, comprising: each block chain node is provided with a weight module, and the weight module is used for determining historical weights within a preset time period corresponding to the block chain link points and current weights corresponding to the block chain link points; comparing the historical weight and the current weight of each block chain node within a preset time period, and determining the weight difference of each block chain node; and the detection module is used for carrying out safety detection on the big data trust system if the weight difference value of any block chain node exceeds a preset difference threshold value.
9. An electronic device, comprising: a memory having computer-executable instructions stored thereon and a processor for executing the computer-executable instructions to perform the steps of:
determining historical weights within a preset time period corresponding to the block link points respectively and current weights corresponding to the block link points respectively;
comparing the historical weight and the current weight of each block chain node within a preset time period, and determining the weight difference of each block chain node;
and if the weight difference value of any block chain node exceeds a preset difference threshold value, performing security detection on the big data trust system.
10. A computer storage medium having computer-executable instructions stored thereon that, when executed, perform the steps of:
determining historical weights within a preset time period corresponding to the block link points respectively and current weights corresponding to the block link points respectively;
comparing the historical weight and the current weight of each block chain node within a preset time period, and determining the weight difference of each block chain node;
and if the weight difference value of any block chain node exceeds a preset difference threshold value, performing security detection on the big data trust system.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011044005.6A CN112202875B (en) | 2020-09-28 | Method and device for safety detection based on block chain node weight and related products |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011044005.6A CN112202875B (en) | 2020-09-28 | Method and device for safety detection based on block chain node weight and related products |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112202875A true CN112202875A (en) | 2021-01-08 |
| CN112202875B CN112202875B (en) | 2024-07-02 |
Family
ID=
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112839094A (en) * | 2021-01-13 | 2021-05-25 | 立旃(上海)科技有限公司 | Block chain network security evaluation method and device |
Citations (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108696589A (en) * | 2018-05-14 | 2018-10-23 | 百度在线网络技术(北京)有限公司 | Block chain data transmission method, device, equipment and storage medium |
| CN109818837A (en) * | 2018-12-13 | 2019-05-28 | 深圳壹账通智能科技有限公司 | Intelligent home furnishing control method, device, computer equipment and storage medium |
| CN110166972A (en) * | 2019-05-28 | 2019-08-23 | 朱清 | A kind of Intelligent Sensing System with block chain module |
| CN110166271A (en) * | 2018-02-14 | 2019-08-23 | 北京京东尚科信息技术有限公司 | A kind of method and apparatus detecting network node abnormality |
| CN110275887A (en) * | 2019-06-20 | 2019-09-24 | 深圳前海微众银行股份有限公司 | A kind of data processing method based on block catenary system, system and device |
| CN110336821A (en) * | 2019-07-09 | 2019-10-15 | 长沙理工大学 | A kind of method and apparatus of collaboration ballot detection of false data |
| CN110661656A (en) * | 2019-09-20 | 2020-01-07 | 广东卓启投资有限责任公司 | Block chain rapid consensus method and device |
| CN110730195A (en) * | 2019-12-18 | 2020-01-24 | 腾讯科技(深圳)有限公司 | Data processing method and device and computer readable storage medium |
| CN110752969A (en) * | 2019-10-21 | 2020-02-04 | 腾讯科技(深圳)有限公司 | Performance detection method, device, equipment and medium |
| CN110888788A (en) * | 2019-10-16 | 2020-03-17 | 平安科技(深圳)有限公司 | Anomaly detection method and device, computer equipment and storage medium |
| CN111343208A (en) * | 2020-05-21 | 2020-06-26 | 腾讯科技(深圳)有限公司 | Block chain-based data detection method and device and computer-readable storage medium |
| WO2020143183A1 (en) * | 2019-01-11 | 2020-07-16 | 平安科技(深圳)有限公司 | Blockchain consensus method based on delegated proof of stake, and related device |
Patent Citations (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110166271A (en) * | 2018-02-14 | 2019-08-23 | 北京京东尚科信息技术有限公司 | A kind of method and apparatus detecting network node abnormality |
| CN108696589A (en) * | 2018-05-14 | 2018-10-23 | 百度在线网络技术(北京)有限公司 | Block chain data transmission method, device, equipment and storage medium |
| CN109818837A (en) * | 2018-12-13 | 2019-05-28 | 深圳壹账通智能科技有限公司 | Intelligent home furnishing control method, device, computer equipment and storage medium |
| WO2020143183A1 (en) * | 2019-01-11 | 2020-07-16 | 平安科技(深圳)有限公司 | Blockchain consensus method based on delegated proof of stake, and related device |
| CN110166972A (en) * | 2019-05-28 | 2019-08-23 | 朱清 | A kind of Intelligent Sensing System with block chain module |
| CN110275887A (en) * | 2019-06-20 | 2019-09-24 | 深圳前海微众银行股份有限公司 | A kind of data processing method based on block catenary system, system and device |
| CN110336821A (en) * | 2019-07-09 | 2019-10-15 | 长沙理工大学 | A kind of method and apparatus of collaboration ballot detection of false data |
| CN110661656A (en) * | 2019-09-20 | 2020-01-07 | 广东卓启投资有限责任公司 | Block chain rapid consensus method and device |
| CN110888788A (en) * | 2019-10-16 | 2020-03-17 | 平安科技(深圳)有限公司 | Anomaly detection method and device, computer equipment and storage medium |
| CN110752969A (en) * | 2019-10-21 | 2020-02-04 | 腾讯科技(深圳)有限公司 | Performance detection method, device, equipment and medium |
| CN110730195A (en) * | 2019-12-18 | 2020-01-24 | 腾讯科技(深圳)有限公司 | Data processing method and device and computer readable storage medium |
| CN111343208A (en) * | 2020-05-21 | 2020-06-26 | 腾讯科技(深圳)有限公司 | Block chain-based data detection method and device and computer-readable storage medium |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112839094A (en) * | 2021-01-13 | 2021-05-25 | 立旃(上海)科技有限公司 | Block chain network security evaluation method and device |
| CN112839094B (en) * | 2021-01-13 | 2022-08-02 | 立旃(上海)科技有限公司 | Block chain network security evaluation method and device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110708171B (en) | Block chain consensus voting method, device, equipment and storage medium | |
| CN111786950B (en) | Network security monitoring method, device, equipment and medium based on situation awareness | |
| KR20210006934A (en) | Blockchain consensus method, accounting nodes and nodes | |
| CN112187475A (en) | Method and device for performing multi-center accounting based on trusted computing and related products | |
| EP4006742A1 (en) | Fork processing method and blockchain node | |
| CN111698088A (en) | Key alternation method, key alternation device, electronic equipment and medium | |
| CN113326516A (en) | Block chain consensus method, block chain system and computer equipment | |
| CN112134883A (en) | Method and device for quickly authenticating trust relationship between nodes based on trusted computing and related products | |
| CN109921897B (en) | Triggering method and device for workload certification calculation, calculating equipment and storage medium | |
| CN112202765B (en) | Block chain common identification block method, block chain system, electronic device and storage medium | |
| CN112187476A (en) | Method and device for synchronizing block chain state based on trusted computing and related product | |
| CN112162782B (en) | Method, device and related product for determining application program trusted state based on trusted root dynamic measurement | |
| CN112311624B (en) | Cloud host testing method and device, storage medium and electronic equipment | |
| CN111429643B (en) | Method and device for shaking numbers and storage medium | |
| CN112202875B (en) | Method and device for safety detection based on block chain node weight and related products | |
| CN112202875A (en) | Method and device for safety detection based on block link point weight and related product | |
| CN112184439B (en) | De-centralized transaction method and device based on node ordering and related products | |
| CN113411191B (en) | Data auditing method and device | |
| CN112131602A (en) | Method and device for quickly expanding trust relationship between nodes based on trusted computing and related products | |
| CN112583798B (en) | Method, device and related product for screening common identification nodes from block chain system | |
| CN112804305B (en) | Credible networking method and system of internet node and related product | |
| CN112580009A (en) | Method and device for authenticating user identity in big data system and related products | |
| CN112688960B (en) | Method, system and related product for calculating connection strength in internet node authentication | |
| CN112165399B (en) | Method and device for processing block link point faults based on credible root metrics and related products | |
| CN112788121B (en) | Method and system for calculating global reputation value in internet node and related product |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant |